Beware of the IDIoT (Incredibly Dangerous Internet of Things)

9
2553
Print Friendly, PDF & Email

Editor’s Note: This post is another entry in the Prepper Writing Contest from John D. If you have information for Preppers that you would like to share and possibly win a $300 Amazon Gift Card to purchase your own prepping supplies, enter today.


As preppers, we’re perhaps more aware than most of what COULD happen. We hope for the best, but prepare for the worst. To minimize our vulnerability to the lawlessness that would follow an apocalyptic event, we arm ourselves and harden our homes. We actively look for ways to increase our chances of survival. We understand that the household items we depend on every day must be reliable, because they may not be easily replaced after the SHTF.

When we buy a new TV, refrigerator, toaster, microwave oven, or any other appliance, we expect years of reliable operation. Breakdowns are rare in the first few years of the product’s life. The ONLY product that doesn’t consistently measure up, where reliability is concerned, is the personal computer. And, not only do computers have a high failure rate, they can allow outsiders to access personal information.

While computer hardware and software should be more robust, it’s not entirely the manufacturer’s fault. Unlike other appliances, most computers connect to the world-wide-web, providing a potential entry point for hackers. Because a dishwasher, refrigerator, toaster have no such web connection, there is no danger of those items being hacked. At least not yet.

You may believe that everything is under control as far as your computer is concerned. You’ve purchased and installed the latest-greatest anti-virus software. The firewall is configured and turned on. You apply security updates as they become available, run periodic scans, and check removable media each time it’s connected to the computer. These activities are important, but at the same time provide a false sense of security. Hackers look for opportunities to trick you into letting them in, or into disclosing sensitive information. That practice is known as “Social Engineering“. Hackers also look for vulnerabilities in computer hardware and software, and attempt to exploit them BEFORE the anti-virus software is aware of those issues. In an effort to keep up, anti-virus software companies publish and push updates to your computer almost daily. In cases where hackers were one step ahead of the anti-virus software providers, infections have occurred. Still, you don’t worry too much, because you know that for the price of a couple of hamburgers and a six-pack of beer, your nephew can fix just about any problem you may have.

Computers are simply tools. They should conform to our needs, not the other way around.

It seems that we’ve accepted the fact that we have to do a lot, just to keep a computer running, and our data secure. Even though a computer is the only product that requires a lot of attention, we don’t complain, not too much anyway. What does all of this have to do with prepping? Bear with me, I’m getting to that.

Computer technology affects our lives in many ways. It’s in our appliances, and our automobiles. Computers have been in cars for many years, monitoring sensors to detect problems, running the dashboard display, and controlling battery charging, just to name a few tasks. Those computers are reliable, primarily because they’re not grid connected. There’s no remote entry point for hackers, and hackers don’t make house calls. On the other hand, grid connected cars offer features such as traffic reports in real-time, remote starting, and remote unlocking. Features like that would not be possible without remote connections. However, by accepting grid connected cars, we’re headed down a slippery slope. I’m not talking about a far-fetched conspiracy theory, it’s already been proven. Under test conditions, grid connected cars have been hacked. Millions of vehicles have been recalled. If it happens in real-life, the result could be deadly crashes. And, it doesn’t have to be YOUR car that’s hacked. Imagine a hacked car, out of control, coming into your lane of traffic.

When hackers unite, or employ zombie computers, to focus a coordinated attack, it’s known as a Distributed Denial of Service (DDS) attack. While that typically refers to a single company or website, imagine a DDS-like attack on grid connected cars. It’s not hard to imagine a high percentage of cars suddenly going out of control, resulting in mass casualties, and too few resources to deal with them. That could lead to societal collapse, the kind of thing that we, as preppers, prepare for.

Another serious security issue related to automobiles is the remote starting feature. If your car is in a closed garage, attached to your house, a potential for carbon monoxide poisoning exists. Imagine a scenario where a hacker is able to start your car, at night, when everyone in the house is sleeping. It wouldn’t take long for deadly carbon monoxide to spread to every room. Some remote start systems include safety features, but do you really want to put that much faith in technology?

As if connected cars don’t represent enough potential danger, your connected car can be used to track your movements. The same can be said for cell phones and club memberships. I’ll save those issues for a future article.

Will we someday have to apply security patches to our cars, and make appointments with the dealership to have viruses removed? It seems we’re headed in that direction. The computer industry is either unable, or unwilling, to give us hacker-proof products. We can’t count on the computer industry to keep us safe.

Cars are not the only thing we have to worry about. So called “smart appliances” are part of an overall Smart Grid strategy. A major benefit of the Smart Grid is to facilitate reducing electricity usage during periods of high demand. This benefits the consumer, as well as the provider. Today, just about all appliances are available as smart appliances. Collectively known as the “Internet of Things”, or IoT, many are of limited value to the consumer. A smart refrigerator, for example, may cut your electric bill slightly, but offers little advantage other than that. Someday, your smart refrigerator may tell you when food is about to spoil. That’s a good thing, I suppose, when it works correctly. However, if your refrigerator is “hacked”, it may trick you into consuming spoiled food. Imagine that; a hacker can poison you by operating through your refrigerator!

Instead of opting for an expensive smart refrigerator, why not choose a standard model, and adjust its thermostat to the highest temperature setting that still provides an adequate level of cooling? You don’t need to be grid connected to save money.

A smart clothes dryer can be programmed to send an alert to your phone when your clothes are dry. Yes, there’s an app for that, but do your really need it? A hacker may send a signal to apply maximum heat, even after your clothes are dry, in an attempt to start a fire. To believe there is no danger is to put a lot of faith in over-temperature sensors. I don’t want to do that.

Internet control of a home thermostat may allow you to save money on heating and cooling, but it also provides an opportunity for hackers. If a hacker makes adjustments to your thermostat, it’s inconvenient. If a hacker makes adjustments to thousands of thermostats, the result could be a grid overload, leading to a widespread power outage. Consider a locally programmable thermostat instead, not a grid connected one. A locally programmable thermostat, also known as a set-back thermostat, can help to keep your heating and cooling costs down, but without the hacking risk.

Some camera-based home security systems are grid connected. Isn’t it great to be able to keep an eye on your home and pets while you’re away? You might think that you’re the only one who has access to the video feed, but you might be wrong. Imagine hackers watching you as you move around your home, sometimes not fully dressed. The only thing protecting your privacy is your user name and password. Be aware that user names can be easily guessed, and software is available that can easily “crack” passwords, even passwords considered highly secure. There are already reports of security cameras and baby monitors being compromised. In one case, a man was caught screaming obscenities at a baby.

Speaking of camera’s, someone may be watching you RIGHT NOW via your laptop’s built-in web cam. Hackers know how to do that, and can do it without turning on the little red LED camera indicator. Hackers can also disable the “shutter sound” when taking pictures with your web cam. If you’re not using it, cover your web cam with a piece of tape.

When setting up an IoT device, be sure to change the default user name and password to those that cannot be easily guessed. For example: If your name is John Smith, don’t use Jsmith as your user name. It’s too easy to guess. And, as a rule of thumb, don’t use any English word as your password. Instead, consider changing some of the letters to numbers or special characters. For example: The word “Boatman” can be modified by changing the “o” to a zero, and changing the “a’s” to @’s, and by adding a punctuation mark at the end. The result is a much more secure, but easy to remember password, B0@tm@n$.

Even if you do those things, don’t assume that the device is secure. Use encryption, if that feature is available. Many “connected” devices send user names and passwords in plain text., instead of sending them encrypted. As you “log-in”, perhaps from a phone or mobile computing device, a hacker may intercept your credentials, and later use them to impersonate you.

The use of public wi-fi makes you susceptible to two specific types of attacks, Man in the Middle, and Evil Twin. Without going into too much detail about those, an attacker intercepts your communications and steals your information, usually without you knowing about it. Included are your user name and password, making it possible for the hacker to impersonate you at a later time. Avoid public wi-fi when doing banking transactions, accessing credit card accounts, making on-line purchases, and when accessing email.

Protecting sensitive information is not easy in a “connected” world, just ask Hillary Clinton. Although she had help from IT professionals, used sophisticated software, and smashed devices with a hammer, more than 30,000 emails that she tried to hide or destroy, were recovered. Osama Bin Laden understood the danger of being “on-line”. His solution was to employ couriers to transfer sensitive information using removable media, instead of email.

Conclusion

A connected world is a dangerous world. You and your family could be maimed, burned, robbed, stalked, exposed, suffocated, poisoned, or at the very least, embarrassed. Grid connected devices, and devices that send and receive radio signals, give hackers a potential way in. A way in is every much as dangerous as leaving doors unlocked, and keys in your car. Sooner or later someone will notice, and take advantage. While a robust password may stop some intrusions, it won’t stop an experienced hacker. Although you may do everything correctly, a hacker may exploit a software or hardware vulnerability to gain privileged access to your equipment.

Cars and appliances that are not grid connected, or not remotely activated, have no easy entry point for hackers. If you must use high-tech devices, use those that are locally programmable, and not grid connected. Consider low-tech devices, like an old-fashion manual thermostat, instead of a more modern electronic one. Because of its construction, it can’t be hacked, and isn’t susceptible to EMP’s. Low-tech devices are also less susceptible to power surges and lightning strikes, so you may save money by not having to replace them as often.

So what does all of this have to do with prepping? Technology fails in many SHTF scenarios. For that reason it’s wise to avoid dependence on technology. The avoidance of grid connected devices takes this to the next level. It could PREVENT Teotwawki. Preventing Teotwawki is much better than dealing with its aftermath.

Only you can prevent TEOTWAWKI
Only you can prevent TEOTWAWKI

 

About the author: John D has earned several computer industry certifications, including Microsoft Certified Systems Engineer (MCSE), and Security+. He has worked for the U.S. Department of the Interior, and Department of Defense, primarily performing computer and network security-related functions. John D is an experienced microcomputer-based equipment developer, programmer, and an experienced Electronics Technician. He has received commendations for his work, including an award for a device he developed to aid the physically disabled, and an award for his efforts to assist the people of Haiti, in the aftermath of an earthquake. As a hobby, John D is involved with alternative energy projects.

9
Leave a Reply

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  Subscribe  
newest oldest most voted
Notify of
RAIDER
Guest
RAIDER

Great article, next time I will buy a Mac.

praeparāre
Guest
praeparāre

You’re kidding, right?

Hmm…
http://money.cnn.com/2015/06/03/technology/mac-bug/index.html

Looks like even uber secretive Apple admits their software needs regular security maintenance.
https://support.apple.com/en-us/HT201222

I personally like this one, which includes “…security researchers are saying Mac OS X is the most vulnerable operating system out there.”
https://www.intego.com/mac-security-blog/mac-osx-ios-security-vulnerability-chart/

These were three of many articles that took five seconds of searching that discuss Mac security shortcomings. In short, NO computer is hack-proof. To believe otherwise is inviting potential disaster.

Computer Security Geek
Guest
Computer Security Geek

I’m a certified computer security professional and a Mac is just as susceptible to malware as any other computer. Please don’t fall into the trap of thinking that Macs are secure.

I know that a lot of people think they are secure and I know that some may be tempted to jump on here and try to argue this. You can believe what you want – but would you trust your fate to something you read on the Internet | heard from a friend – or would you prefer to believe the word of an experienced professional?

paul crosley
Guest
paul crosley

Very good! For vehicles it is best to get a pre 1984, even if only for backup. No computers. Also avoid such insipid sites such as Facebook, Twitter, etc. Too many people voluntarily give away personal info. It seems it is mostly the younger (zombie) generations doing this. Go to any college campus and watch the students at the change of class. Most will be walking around looking at their stupid “smart” phones.
Technology is fine if it is your servant and not your master. Or your addiction.

christopher
Guest
christopher

excellent advise. i know of a guy that had law enforcement reach out to him a year ago due to they caught some bad people that had all his info: about him and his kids, had pictures of his kids & house. he was on the net and wasnt aware of who he was talking to and posted too much information. he got lucky.. scared the bejeebees out of him when they showed him the info.

Huples
Guest
Huples

The issues with computers are the same as those with cell phones. Don’t have a data plan with that smart phone

BobW
Guest
BobW

Glad to see you hit on car tech. If Ford/Chevy/Ram can send you a monthly “how your car is doing”, then your car can be hacked. The govt knows you stopped at the gun store and hooters on the way home.

Going no-tech with my next car.

The Deplorable Cruella DeVille
Guest
The Deplorable Cruella DeVille

Late to the party, but good article. Especially in light of this weeks hack on the DNS infrastructure of the net… The origin of the attacking “bots” has been tracked down using the MAC address encoded into every network device. They are “things”, not full blown computers. In this particular event it’s primary web connected cameras. There are millions of the things and transparently it’s relatively easy to remotely program them. And since no one ever changes the login from admin/password, it’s incredibly easy to gain access. The moral of the story is don’t do “Things”! ie: Do NOT connect… Read more »

John D
Guest
John D

Wow! Who would have thought you would have to reboot your refrigerator to correct a problem? A few years back we had reliable refrigerators. I know I’ve gone 10 to 20 years without a failure. Having spent more than 40 years repairing electrical, electronic, and computer-based equipment, I’m sad to see how things have evolved, and not just reliability issues. Every aspect of our lives can be exposed through our devices. We no longer have privacy. And, worst of all, at some point we won’t have the option of buying non-connected devices. We’ll be forced to keep our thermostats at… Read more »